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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings of claims in the 
application: 

LISTING OF CLAIMS 

1. (Currently Amended) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites domains , comprising: 
receiving, at an access server coupled to a first communication network and a second 

communication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain site 
identifier associated with a domain site on said second communication network; and 
authorizing subscriber access to said domain site on said second communication network 
upon determinin g, in response to said receiving, that said domain site identifier is 
included in a list of authorized domains domain sites associated with foF a virtual circuit 
through which used to r e c e ive said communication is received , said authorizing 
r e sponsive to said receiving . 

2. (Currently Amended) The method of claim 1, further comprising terminating said 
communication when said domain site identifier is not included in said Hst. 



3. (Original) The method of claim 1 wherein said communication comprises a Point-to-Point 
Protocol (PPP) session. 
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4. (Currently Amended) The method of claim 3 wherein 
said PPP session comprises a tunneling session; 

said determining further comprises assigning a tunnel E); and 
said PPP session is forwarded onto a tunnel associated with said tunnel ID when said 
subscriber is authorized to access said domain site . 

5. (Original) The method of claim 4 wherein said tunneling session comprises an L2TP 
session. 

6. (Currently Amended) The method of claim 5 wherein said domain site identifier included in 
said communication is a domain name, and wherein said determining further comprises: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes domain names of authorized domain 

sites domains for said virtual circuit identifier; 
indicating said domain site is unauthorized when said domain name included in said 

communication is not in said authorized domain list; 
indicating said domain site is authorized when said domain name included in said 

communication is in said authorized domain list; 
issuing a tunnel ID request including said domain name when said domain site nam e is 

authorized; and 
receiving a tunnel ID. 



3 



Docket No.: CISCO-3096 
(032590-118) 

7. (Original) The method of claim 6 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

8. (Original) The method of claim 6 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 

9. (Currently Amended) The method of claim 5 wherein said determining further comprises: 
issuing a tunnel ID request including said domain site identifier nam e and a virtual circuit 

identifier; and 
receiving a tunnel ID. 

10. (Original) The method of claim 9 wherein an AAA server services said tunnel ID request. 

1 1 . (Original) The method of claim 9 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 

12. (Currently Amended) The method of claim 5 wherein said domain site identifier included in 
said communication is a domain name, and wherein said determining further comprises: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 
domain list that includes domain names of authorized domain sites domains for 
said virtual circuit identifier; 
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indicating said domain site is unauthorized when said domain name included in said 

communication is not in said authorized domain list; 
indicating said domain site is authorized when said domain name included in said 

communication is in said authorized domain list; and 
perforaiing a table lookup based on said domain name to obtain a tunnel ID when said 

domain site name is authorized. 

13. (Original) The method of claim 12 wherein said virtual circuit identifier comprises a 
VPl/VCI identifier. 

14. (Currently Amended) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domain sites 
domains , the method comprising: 

receiving, at an access server coupled to a first communication network and a second 
conmiunication network, a communication from a subscriber on said first 
communication network, said communication optionally including a domain site 
identifier associated with a domain site on said second communication network; and 

authorizing subscriber access to said domain site on said second communication network 
upon determinin g, in response to said receiving, that said domain site identifier is 
included in a list of authorized domains domain sites associated with fef a virtual circuit 
through which used to r e c e iv e said communication is received , said authorizing 
responsiv e to said rec e iving . 
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15. (Currently Amended) The program storage device of claim 14, further comprising 
terminating said communication when said domain site identifier is not included in said list. 

16. (Original) The program storage device of claim 14 wherein said communication comprises a 
Point-to-Point Protocol (PPP) session. 

17. (Currently Amended) The program storage device of claim 16 wherein 
said PPP session comprises a turmeling session; 

said determining furth e r comprises assigning a turmel ID; and 
said PPP session is forwarded onto a turmel associated with said turmel ID when said 
subscriber is authorized to access said domain site . 

18. (Original) The program storage device of claim 17 wherein said tunneling session comprises 
an L2TP session. 

19. (Currently Amended) The program storage device of claim 18 wherein said domain site 
identifier included in said communication is a domain name, and wherein said determining 
further comprises: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domain sites domains for 
said identifier; 
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indicating said domain site is unauthorized when said domain name included in said 

communication is not in said domain list; 
indicating said domain site is authorized when said domain name included in said 

communication is in said domain list; 
issuing a tunnel ID request including said domain name when said domain site name 

is authorized; and 
receiving a tunnel ID. 

20. (Original) The program storage device of claim 19 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

21. (Original) The program storage device of claim 19 wherein said virtual circuit identifier 
comprises a VPWCI identifier. 

22. (Currently Amended) The program storage device of claim 18 wherein said determining 
further comprises: 

issuing a tunnel ID request including said domain site identifier name and a virtual circuit 

identifier; and 
receiving a tunnel BD. 

23. (Original) The program storage device of claim 22 wherein an AAA server services said 
tunnel ID request. 
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24. (Original) The program storage device of claim 22 wherein said virtual circuit identifier 
comprises a VPWCI identifier. 

25. (Currently Amended) The program storage device of claim 18 wherein said domain site 
identifier included in said communication is a domain name, and wherein 

said determining fiuther comprises: 

performing a table lookup based on a virtual circuit identifier to obtain an 

authorized domain list that includes domain names of authorized domain sites 

domains for said virtual circuit identifier; 
indicating said domain site is unauthorized when said domain name included in said 

communication is not in said authorized domain list; 
indicating said domain site is authorized when said domain name included in said 

communication is in said authorized domain hst; and 
performing a table lookup based on said domain name to obtain a tunnel ID when said 

domain site name is authorized. 

26. (Original) The program storage device of claim 25 wherein said virtual circuit identifier 
comprises a VPWCI identifier. 

27. (Currently Amended) An apparatus for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites domains , the apparatus comprising: 
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means for receiving, at an access server coupled to a first communication network and a 
second communication network, a communication fi-om a subscriber on said first 
communication network, said communication optionally including a domain site 
identifier associated with a domain site on said second communication network; and 

means for authorizing subscriber access to said domain site on said second conamunication 
network upon determinin g, in response to said receiving, that said domain site identifier 
is included in a list of authorized domains domain sites associated with fer a virtual 
circuit through which us e d to r e ceiv e said communication is received , said authorizing 
responsiv e to said r e c e iving . 

28. (Currently Amended) The apparatus of claim 27, further comprising means for terminating 
said communication when said domain site identifier is not included in said list. 

29. (Original) The apparatus of claim 27 wherein said communication comprises a Point-to- 
Point Protocol (PPP) session. 

30. (Currently Amended) The apparatus of claim 29 wherein 
said PPP session comprises a tunneling session; 

said determining fiirther comprises means for assigning a tunnel DD; and 
said PPP session is forwarded onto a txmnel associated with said tiumel ED when said 
subscriber is authorized to access said domain site . 
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31. (Original) The apparatus of claim 30 wherein said tunneling session comprises an L2TP 
session. 

32. (Currently Amended) The apparatus of claim 31 wherein said domain site identifier 
included in said communication is a domain name, and wherein said determining further 
comprises: 

means for issuing an authorized domain list request including a virtual circuit 
identifier; 

means for receiving an authorized domain list that includes domain names of authorized 

domain sites domains for said identifier; 
means for indicating said domain site is unauthorized when said domain name included 

in said communication is not in said domain list; 
means for indicating said domain site is authorized when said domain name included in 

said communication is in said domain list; 
means for issuing a tunnel ID request including said domain name when said domain 

site nam e is authorized; and 
means for receiving a tunnel ID. 

33. (Original) The apparatus of claim 32 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 



10 



Docket No.: CISCO-3096 
(032590-118) 

34. (Original) The apparatus of claim 32 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 

35. (Currently Amended) The apparatus of claim 31 wherein said determining further 
comprises: 

means for issuing a tunnel ID request including said domain site identifier name and a 

virtual circuit identifier; and 
means for receiving a tunnel K). 

36. (Original) The apparatus of claim 35 wherein an AAA server services said tunnel ID 
request. 

37. (Original) The apparatus of claim 35 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 

38. (Currently Amended) The apparatus of claim 31 wherein said domain site identifier 
included in said communication is a domain name, and wherein said determining fiirther 
comprises: 

means for performing a table lookup based on a virtual circuit identifier to obtain an 
authorized domain list that includes domain names of authorized domain sites 
domains for said virtual circuit identifier; 

means for indicating said domain site is unauthorized when said domain name included 
in said communication is not in said authorized domain list; 
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means for indicating said domain site is authorized when said domain name included in 

said communication is in said authorized domain list; and 
means for perfomiing a table lookup based on said domain name to obtain a tunnel E) 

when said domain site name is authorized. 



39. (Original) The apparatus of claim 38 wherein said virtual circuit identifier comprises a 
VPWCI identifier. 



40. (Currently Amended) An access server capable of allowing forcing subscribers of a 
communications system to gain exclusive access e xclusiv e ly to a domain site n e twork 
associated with a virtual circuit, said access server comprising: 

an authorized domain list request generator capable of generating an authorized domain list 
request including a virtual circuit identifier associated with a virtual circuit through 
which us e d to accept a PPP session authentication request is accepted , said PPP session 
authentication request including a domain site identifier; 

an assessor capable of determining whether said domain site identifier is in an authorized 
said domain list associated with said virtual circuit ; 

a tunnel TD request generator capable of generating a tunnel ED request including said 
domain site identifier; and 

an authorizer capable of granting users access to said domain site acc e ss based upon said 
authorized domain list. 
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41. (Original) The access server of claim 40, further comprising: 

a first receiving interface capable of accepting said PPP session authentication request; 
a first forwarding interface capable of sending said authorized domain list request to an 
AAA server; 

a second receiving interface capable of accepting a requested authorized domain list; 
a second forwarding interface capable of sending said tunnel ID request to an AAA server; 
a third receiving interface capable of accepting a requested tunnel E); and 
a third forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel E). 

42. (Original) The access server of claim 40 wherein said tunneling session comprises an L2TP 
session. 

43. (Original) The access server of claim 42 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

44. (Original) The access server of claim 43 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

45. (Original) The access server of claim 41 wherein said AAA server and said access server 
communicate using the Remote Authorization Dial-In User Service (RADIUS) protocol. 
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46. (Currently Amended) An access server capable of allowing forcing subscribers of a 
communications system to gain exclusive access exclusiv e ly to a domain site network 
associated with a virtual circuit, said access server comprising: 

a tunnel ID request generator capable of generating a tunnel ID request, said tunnel ID 
request including a virtual circuit identifier associated with a virtual circuit through 
which us e d to acc e pt a PPP authentication request is accepted ; and 

an authorizer capable of granting users domain site access based upon a list of authorized 
domains domain sites associated with fer said virtual circuit. 

47. (Currently Amended) The access server of claim 46, further comprising: 

a first receiving interface capable of accepting said PPP session authentication request, said 
PPP session authentication request including a domain site identifier; 

a first forwarding interface capable of sending said tunnel ID request to an AAA server; 

a second receiving interface capable of accepting a requested tunnel ED; and 

a second forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel E). 

48. (Original) The access server of claim 47 wherein said tunneling session comprises an L2TP 
session. 

49. (Original) The access server of claim 48 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 
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50. (Original) The access server of claim 46 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

5 1 . (Original) The access server of claim 47 wherein said AAA server and said access server 
communicate using the Remote Authorization Dial-Li User Service (RADIUS) protocol. 

52. (Currently Amended) An access server capable of allowing forcing subscribers of a 
communications system to gain exclusive access exclusiv e ly to a domain site n e twork 
associated with a virtual circuit, said access server comprising: 

a memory device capable of storing a domain list table and a tunnel ID table, said domain 
list table including a plurality of virtual circuit identifiers and associated domain site 
identifiers, said tunnel ID table including a plurality of domain names and associated 
tunnel IDs; 

an authorized domain list determiner capable of determining an authorized domain hst based 
upon said domain list table and a domain site identifier within a PPP authentication 
request, said PPP authentication request received on a virtual circuit having a virtual 
circuit identifier; 

an assessor capable of determining whether said domain site identifier within said PPP 
authentication request is in said domain list; 
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a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table 

and said domain site identifier; and 
an authorizer capable of granting subscribers domain site access based upon said authorized 

domain list. 



53. (Previously Presented) The access server of claim 52, further comprising: 

a receiving interface capable of accepting said PPP session authentication request; and 
a forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ID. 

54. (Original) The access server of claim 53 wherein said tuimeling session comprises an L2TP 
session. 

55. (Original) The access server of claim 54 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

56. (Original) The access server of claim 52 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

57. (Currently Amended) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites domains , comprising: 
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receiving an L2TP session from a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 

determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites domains for a virtual circuit 
through which us e d to r e c e iv e said L2TP session is received , said determining 
comprising: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes domain site identifiers of authorized 

domain sites domain s for said virtual circuit identifier; 
indicating said domain site is unauthorized when said domain name site identifier 

included in said L2TP session is not in said authorized domain hst; 
indicating said domain site is authorized when said domain site identifier name is in 

said authorized domain Hst; 
issuing a tunnel ID request including said domain site identifier nam e when said domain 

site name is authorized; 
receiving a tunnel ID; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel ED when said subscriber is authorized to access said 
domain site. 
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58. (Previously Presented) The method of claim 57 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said turmel ED request. 

59. (Previously Presented) The method of claim 57 wherein said virtual circuit identifier 
comprises a VPITVCI identifier. 

60. (Currently Amended) A method for controlling subscriber access in a network capable of 
establishing cormections with a plurahty of domain sites domains , comprising: 

receiving an L2TP session fi'om a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 

determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites domains for a virtual circuit 
through which used to r e c e ive said L2TP session is received , said determining 
comprising: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 
domain hst that includes domain site identifiers of authorized domain sites for 
domains far said virtual circuit identifier; 

indicating said domain site is unauthorized when said domain site identifier included in 
said L2TP session nam e is not in said authorized domain list; 
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indicating said domain site is authorized when said domain site identifier included in 

said L2TP session name is in said authorized domain list; 
perforaiing a table lookup based on said domain site identifier name to obtain a tunnel 

ED when said domain site name is authorized; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel E) when said subscriber is authorized to access said 
domain site . 

61. (Previously Presented) The method of claim 60 wherein said virtual circuit identifier 
comprises a VPWCI identifier. 

62. (Currently Amended) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domain sites 
domains , the method comprising: 

receiving an L2TP session fi"om a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 

determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites domains for a virtual circuit 
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through which used to receiv e said L2TP session is received , said determining 
comprising: 

issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domain site domains for 

said virtual circuit identifier; 
indicating said domain site is unauthorized when said domain site identifier included in 

said L2TP session nam e is not in said authorized domain list; 
indicating said domain site is authorized when said domain site identifier included in 

said L2TP session nam e is in said authorized domain list; 
issuing a tunnel ID request including said domain site identifier nam e when said domain 

site nam e is authorized; 
receiving a tunnel ID; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel ID when said subscriber is authorized to access said 
domain site . 

63. (Previously Presented) The program storage device of claim 62 wherein 
said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 
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64. (Previously Presented) The program storage device of claim 62 wherein said virtual circuit 
identifier comprises a VP WCI identifier. 

65. (Currently Amended) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domain sites 
domains , the method comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled to 
at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 

determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites domains for a virtual circuit 
through which us e d to rec e iv e said L2TP session is received , said determining 
comprising: 

performing a table lookup based on a virtual circuit identifier to obtain an authorized 

domain list that includes domain site identifiers of authorized domain sites for 

domains far said virtual circuit identifier; 
indicating said domain site is unauthorized when said domain site identifier included in 

said L2TP session nam e is not in said authorized domain list; 
indicating said domain site is authorized when said domain site identifier included in 

said L2TP session nam e is in said authorized domain list; 
performing a table lookup based on said domain site identifier name to obtain a tunnel 

ID when said domain site name is authorized; and 
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assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel E) when said subscriber is authorized to access said 
domain site. 



66. (Previously Presented) The program storage device of claim 65 wherein said virtual circuit 
identifier comprises a VPWCI identifier. 



67. (Currently Amended) An apparatus for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites domains , said apparatus 
comprising: 

means for receiving an L2TP session from a subscriber using a first communication network 
coupled to at least one other communication network, said L2TP session optionally 
including a domain site identifier associated with a domain site on said at least one other 
communication network; 

means for determining whether said subscriber is authorized to access said domain site based 
upon said domain site identifier and a list of authorized domain sites domains for a 
virtual circuit used to receive said L2TP session, said means for determining 
comprising: 

means for issuing an authorized domain list request including a virtual circuit identifier; 
means for receiving an authorized domain list that includes domain site identifiers of 
authorized domain sites domains for said virtual circuit identifier; 
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means for indicating said domain site is unauthorized when said domain site identifier 
included in said L2TP session nam e is not in said authorized domain Ust; 

means for indicating said domain site is authorized when said domain site identifier 
included in said L2TP session name is in said domain list; 

means for issuing a tunnel JD request including said domain site identifier name when 
said domain site name is authorized; 

means for receiving a tunnel ED; and 

means for assigning said tunnel ID; and 
means for authorizing subscriber access to said domain site when said domain site identifier 

is included in said authorized domain list, wherein said L2TP session is forwarded onto 

a tunnel associated with said tunnel ID when said subscriber is authorized to access said 

domain site . 

68. (Previously Presented) The apparatus of claim 67 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

69. (Previously Presented) The apparatus of claim 67 wherein said virtual circuit identifier 
comprises a VPWCI identifier. 

70. (Currently Amended) An apparatus for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites domains , comprising: 

means for receiving an L2TP session from a subscriber using a first communication network 
coupled to at least one other communication network, said L2TP session optionally 
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including a domain site identifier associated with a domain site on said at least one other 

communication network; 
means for determining whether said subscriber is authorized to access said domain site based 

upon said domain site identifier and a list of authorized domain sites domains for a 

virtual circuit through which us e d to receiv e said L2TP session is received , said means 

for determining comprising: 

means for performing a table lookup based on a virtual circuit identifier to obtain an 

authorized domain list that includes domain site identifiers of authorized domain 

sites for domains far said virtual circuit identifier; 
means for indicating said domain site is unauthorized when said domain site identifier 

included in said L2TP session nam e is not in said authorized domain list; 
means for indicating said domain site is authorized when said domain site identifier 

included in said L2TP session nam e is in said authorized domain list; 
means for performing a table lookup based on said domain site identifier nam e to obtain 

a tunnel ID when said domain site nam e is authorized; and 

assigning said tunnel ID; and 
means for authorizing subscriber access to said domain site when said domain site identifier 
is included in said authorized domain list, wherein said L2TP session is forwarded onto 
a tunnel associated with said tunnel ID when said subscriber is authorized to access said 
domain site . 

71. (Previously Presented) The apparatus of claim 70 wherein said virtual circuit identifier 
comprises a VPWCI identifier. 
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